CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

187 matches found

Cvelist•added 2024/11/01 2:17 p.m.•15 views

CVE-2024-38769 WordPress Arconix Shortcodes plugin <= 2.1.11 - Broken Access Control vulnerability

Missing Authorization vulnerability in Tyche Softwares Arconix Shortcodes allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Arconix Shortcodes: from n/a through 2.1.11...

5.3CVSS0.00176EPSS

Exploits0References1

OSV•added 2024/10/26 10:15 a.m.•2 views

CVE-2024-9772

The The Uix Shortcodes – Compatible with Gutenberg plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.9.9. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode...

7.3CVSS6.1AI score

Exploits0References3

Patchstack•added 2024/10/25 10:37 p.m.•2 views

WordPress Uix Shortcodes plugin <= 1.9.9 - Unauthenticated Arbitrary Shortcode Execution vulnerability

Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by Francesco Carlucci in WordPress Plugin Uix Shortcodes versions = 1.9.9...

7.3CVSS7.1AI score0.09043EPSS

Exploits0References1Affected Software1

OSV•added 2024/10/25 8:15 a.m.•1 views

CVE-2024-10342

The League of Legends Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

5.4CVSS5.9AI score

Exploits0References2

OSV•added 2024/10/23 11:15 a.m.•2 views

CVE-2024-8500

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the several parameters in all versions up to, and including, 7.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

5.4CVSS5.9AI score

Exploits0References3

NVD•added 2024/10/23 11:15 a.m.•10 views

CVE-2024-8500

5.4CVSS0.00255EPSS

Exploits0References3

Patchstack•added 2024/10/18 12:0 a.m.•11 views

WordPress Arconix Shortcodes Plugin <= 2.1.12 is vulnerable to Cross Site Scripting (XSS)

Software Arconix Shortcodes Type Plugin Vulnerable versions = 2.1.12 Fixed in 2.1.13 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9703 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID a08dfc08b266 Credits Peter Thaleikis...

6.4CVSS5.7AI score0.0031EPSS

Exploits0References3Affected Software1

Patchstack•added 2024/10/07 12:34 a.m.•3 views

WordPress Shortcodes and extra features for Phlox theme plugin <= 2.16.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Modern Heading and Icon Picker Widgets vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Modern Heading and Icon Picker Widgets vulnerability discovered by Webbernaut in WordPress Plugin Shortcodes and extra features for Phlox theme versions = 2.16.3...

6.4CVSS5.8AI score0.00256EPSS

Exploits0References1Affected Software1

Cvelist•added 2024/09/26 10:59 a.m.•22 views

CVE-2024-8725 Advanced File Manager <= 5.2.8 - Authenticated (Subscriber+) Limited File Upload

Multiple plugins and/or themes for WordPress are vulnerable to Limited File Upload in various versions. This is due to a lack of proper checks to ensure lower-privileged roles cannot upload .css and .js files to arbitrary directories. This makes it possible for authenticated attackers, with...

6.8CVSS0.00317EPSS

Exploits0References4

NVD•added 2024/09/25 3:15 a.m.•14 views

CVE-2024-9027

The WPZOOM Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'box' shortcode in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS0.00233EPSS

Exploits0References3

CVE•added 2024/09/25 2:5 a.m.•49 views

CVE-2024-9027

CVE-2024-9027 affects the WPZOOM Shortcodes WordPress plugin (versions up to and including 1.0.5). Root cause: insufficient input sanitization and output escaping on the box shortcode attributes, enabling stored XSS. Exploitation requires authentication at contributor level or higher, with the at...

6.4CVSS5.5AI score0.00233EPSS

Exploits0References3Affected Software1

ATTACKERKB•added 2024/07/10 2:15 a.m.•2 views

CVE-2023-7062

The Advanced File Manager Shortcodes plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.4. This makes it possible for attackers with contributor access or higher to read the contents of arbitrary files on the server, which can contain sensitive...

8.8CVSS5.6AI score0.03293EPSS

Exploits0References3

CVE•added 2024/07/03 4:31 a.m.•55 views

CVE-2024-4543

CVE-2024-4543 affects the WordPress plugin Snippet Shortcodes . The vulnerability is a Cross-Site Request Forgery due to missing or incorrect nonce validation when adding or editing shortcodes, enabling unauthenticated attackers to modify shortcodes by tricking an admin into performing an action....

4.3CVSS4.7AI score0.00092EPSS

Exploits0References2Affected Software1

WPVulnDB•added 2024/06/11 12:0 a.m.•10 views

WP Shortcodes Plugin — Shortcodes Ultimate < 7.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via su_lightbox Shortcode

Description The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sulightbox shortcode in all versions up to, and including, 7.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. Th...

6.4CVSS5.7AI score0.00233EPSS

Exploits0References1Affected Software1

Patchstack•added 2024/05/27 1:43 a.m.•2 views

WordPress ND Shortcodes plugin <= 7.5 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability

Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by wesley wcraft in WordPress Plugin ND Shortcodes For Visual Composer versions = 7.5...

6.4CVSS5.7AI score0.00254EPSS

Exploits0References1Affected Software1

Positive Technologies•added 2024/05/25 12:0 a.m.•4 views

PT-2024-35132 · WordPress · Nd Shortcodes

Name of the Vulnerable Software and Affected Versions: ND Shortcodes plugin for WordPress versions up to, and including, 7.5 Description: The issue is related to Stored Cross-Site Scripting via the plugin's upload feature due to insufficient input sanitization and output escaping. This allows...

6.4CVSS5.7AI score0.00254EPSS

Exploits0References8

OSV•added 2024/05/21 10:15 a.m.•3 views

CVE-2024-4553

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sumembers' shortcode in all versions up to, and including, 7.1.5 due to insufficient input sanitization and output escaping on user supplied 'color' attribute. This...

5.4CVSS6AI score0.00393EPSS

Exploits0References3

Vulnrichment•added 2024/05/21 9:31 a.m.•9 views

CVE-2024-4553 WP Shortcodes Plugin — Shortcodes Ultimate <= 7.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via su_members Shortcode

6.4CVSS5.8AI score0.00393EPSS

Exploits0References3

WPVulnDB•added 2024/05/21 12:0 a.m.•10 views

WP Shortcodes Plugin < 7.1.6 - Contributor+ Stored XSS via su_members Shortcode

Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's 'sumembers' shortcode due to insufficient input sanitization and output escaping on user supplied 'color' attribute. This makes it possible for authenticated attackers, with contributor-level access and above, to...

6.4CVSS5.8AI score0.00393EPSS

Exploits0References1Affected Software1

NVD•added 2024/05/18 6:15 a.m.•9 views

CVE-2024-3811

The Salient Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'icon' shortcode in all versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5.7AI score0.00201EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by